Microsoft Warns of Flaws in VM
Microsoft released fixes for eight new vulnerabilities in its Virtual machine software.Microsoft Corp. Thursday released fixes for eight new vulnerabilities in its Virtual machine software, the most serious of which gives attackers the ability to take control of vulnerable PCs. The Microsoft VM is used to run Java applets in Windows environments and ships with most versions of Windows and Internet Explorer. The most dangerous of the new flaws lies in the way that Java programs access COM objects. The vulnerability allows untrusted applets to access some COM objects, making it possible for an attacker to completely compromise a target system.
Two of the other vulnerabilities allow a Java applet to disguise the location of its code base. This, in turn, could allow an applet on a Web sitewhich by default has read access to the folder in which it resides and the folders below itto mask its location and act as if its located on a users local machine or network share.